Packages changed:
  cni (0.7.0 -> 0.7.1)
  cri-o
  curl (7.65.1 -> 7.65.3)
  flannel
  kernel-source (5.2.1 -> 5.2.2)
  kubernetes
  podman (1.4.2 -> 1.4.4)
  rook (1.0.0+git1697.ga265cdfd -> 1.0.0+git1783.g7a48482f)
  salt
  systemd

=== Details ===

==== cni ====
Version update (0.7.0 -> 0.7.1)

- Update to version 0.7.1:
  * Library changes:
    + invoke : ensure custom envs of CNIArgs are prepended to process envs
    + add GetNetworkListCachedResult to CNI interface
    + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance
  * Documentation & Convention changes:
    + Update cnitool documentation for spec v0.4.0
    + Add cni-route-override to CNI plugin list
  * Build and test changes:
    + Release: bump go to v1.12

==== cri-o ====
Subpackages: cri-o-kubeadm-criconfig

- Update crio.conf to use correct pause_command
- Update crio.conf to use better versioned pause container
- Update crio.conf to use official kubic pause container

==== curl ====
Version update (7.65.1 -> 7.65.3)
Subpackages: libcurl4

- Update to 7.65.3
  * progress: make the progress meter appear again
- Update to 7.65.2
  * Bugfixes:
  - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
  - CMake: Fix finding Brotli on case-sensitive file systems
  - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
  - CURLOPT_SEEKDATA.3: fix variable name
  - bindlocal: detect and avoid IP version mismatches in bind()
  - build: fix Codacy warnings
  - c-ares: honor port numbers in CURLOPT_DNS_SERVERS
  - config-os400: add getpeername and getsockname defines
  - configure: --disable-progress-meter
  - configure: fix --disable-code-coverage
  - configure: more --disable switches to toggle off individual features
  - configure: remove CURL_DISABLE_TLS_SRP
  - conn_maxage: move the check to prune_dead_connections()
  - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
  - docs: Explain behavior change in --tlsv1. options since 7.54
  - docs: Fix links to OpenSSL docs
  - docs: fix string suggesting HTTP/2 is not the default
  - headers: Remove no longer exported functions
  - http2: call done_sending on end of upload
  - http2: don't call stream-close on already closed streams
  - http2: remove CURL_DISABLE_TYPECHECK define
  - http: allow overriding timecond with custom header
  - http: clarify header buffer size calculation
  - krb5: fix compiler warning
  - lib: Use UTF-8 encoding in comments
  - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
  - multi: enable multiplexing by default (again)
  - multi: fix the transfer hashes in the socket hash entries
  - multi: make sure 'data' can present in several sockhash entries
  - netrc: Return the correct error code when out of memory
  - nss: don't set unused parameter
  - nss: inspect returnvalue of token check
  - nss: only cache valid CRL entries
  - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
  - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
  - openssl: fix pubkey/signature algorithm detection in certinfo
  - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
  - quote.d: asterisk prefix works for SFTP as well
  - runtests: keep logfiles around by default
  - runtests: report single test time + total duration
  - test1165: verify that CURL_DISABLE_ symbols are in sync
  - test1521: adapt to SLISTPOINT
  - test1523: test CURLOPT_LOW_SPEED_LIMIT
  - test153: fix content-length to avoid occasional hang
  - test188/189: fix Content-Length
  - tests: have runtests figure out disabled features
  - tests: support non-localhost HOSTIP for dict/smb servers
  - tests: update fixed IP for hostip/clientip split
  - tool_cb_prg: Fix integer overflow in progress bar
  - typecheck: CURLOPT_CONNECT_TO takes an slist too
  - typecheck: add 3 missing strings and a callback data pointer
  - unit1654: cleanup on memory failure
  - unpause: trigger a timeout for event-based transfers
  - url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165

==== flannel ====

- Set cni version in flannel manifest
- Use current kube-flannel.yaml from git to fix DNS problems

==== kernel-source ====
Version update (5.2.1 -> 5.2.2)
Subpackages: kernel-debug kernel-default

- Revert "netfilter: conntrack: remove helper hook again"
  (http://lkml.kernel.org/r/20190718092128.zbw4qappq6jsb4ja@breakpoint.cc).
- commit 8e9a006
- Linux 5.2.2 (bnc#1012628).
- x86/entry/32: Fix ENDPROC of common_spurious (bnc#1012628).
- crypto/NX: Set receive window credits to max number of CRBs
  in RxFIFO (bnc#1012628).
- crypto: talitos - fix hash on SEC1 (bnc#1012628).
- crypto: talitos - move struct talitos_edesc into talitos.h
  (bnc#1012628).
- s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
  (bnc#1012628).
- s390/qdio: (re-)initialize tiqdio list entries (bnc#1012628).
- s390: fix stfle zero padding (bnc#1012628).
- s390/ipl: Fix detection of has_secure attribute (bnc#1012628).
- ARC: hide unused function unw_hdr_alloc (bnc#1012628).
- x86/irq: Seperate unused system vectors from spurious entry
  again (bnc#1012628).
- x86/irq: Handle spurious interrupt after shutdown gracefully
  (bnc#1012628).
- x86/ioapic: Implement irq_get_irqchip_state() callback
  (bnc#1012628).
- genirq: Add optional hardware synchronization for shutdown
  (bnc#1012628).
- genirq: Fix misleading synchronize_irq() documentation
  (bnc#1012628).
- genirq: Delay deactivation in free_irq() (bnc#1012628).
- firmware: improve LSM/IMA security behaviour (bnc#1012628).
- drivers: base: cacheinfo: Ensure cpu hotplug work is done
  before Intel RDT (bnc#1012628).
- nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu()
  in uapi header (bnc#1012628).
- Input: synaptics - enable SMBUS on T480 thinkpad trackpad
  (bnc#1012628).
- e1000e: start network tx queue only when link is up
  (bnc#1012628).
- Revert "e1000e: fix cyclic resets at link up with active tx"
  (bnc#1012628).
- commit 93f0a54

==== kubernetes ====
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet

- Don't create rckubeadm symlink, we don't have a kubeadm service
- kubeadm does not need kubernetes-common
- Don't build hyperkube binary on openSUSE, we need single binaries
  for the containerized control plane.

==== podman ====
Version update (1.4.2 -> 1.4.4)
Subpackages: podman-cni-config

- Update libpod.conf to use correct infra_command
- Update libpod.conf to use better versioned pause container
- Update libpod.conf to use official kubic pause container
- Update libpod.conf to match latest features set:
  detach_keys, lock_type, runtime_supports_json
- Add podman-remote varlink client
- Update podman to v1.4.4
  * Features
  - Podman now has greatly improved support for containers using multiple OCI
    runtimes. Containers now remember if they were created with a different
    runtime using --runtime and will always use that runtime
  - The cached and delegated options for volume mounts are now allowed for
    Docker compatability (#3340)
  - The podman diff command now supports the --latest flag
  * Bugfixes
  - Fixed a bug where rootless Podman would attempt to use the entire root
    configuration if no rootless configuration was present for the user,
    breaking rootless Podman for new installations
  - Fixed a bug where rootless Podman's pause process would block SIGTERM,
    preventing graceful system shutdown and hanging until the system's init
    send SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not work after
    running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
    were being ignored
  - Fixed a bug where images with no layers could not properly be displayed
    and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to create a
    container or pod
  - Fixed a bug where podman cp on a single file would create a directory at
    the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
    hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to container's
    /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid ports
    configuration (#3408)
  * Misc
  - Updated containers/storage to v1.12.13
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct default setting
    in help if the default was overridden by libpod.conf
  - For backwards compatability, setting --log-driver=json-file in podman run
    is now supported as an alias for --log-driver=k8s-file. This is considered
    deprecated, and json-file will be moved to a new implementation in the
    future ([#3363](https://github.com/containers/libpo\
    d/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI runtime to be
    used if it is installed

==== rook ====
Version update (1.0.0+git1697.ga265cdfd -> 1.0.0+git1783.g7a48482f)

- Correct toolbox location in manifest files
- Update Rook to commit 7a48482f5cd92397eef068d097ad233739ceae06
  + ceph: run ceph processes with the 'ceph' user
  + Correct typo about skipVolumeForDirectory's code comment
  + Fix: topologyAware does not pick up failure domains.
  + Correct typo about skipVolumeForDirectory's code comment
- Update Rook to commit 0141cfea50a7f80ff1ee67aa8cc7ad28edc79a64
  + OSD startup on SDN for error "Cannot assign requested address"
  + Change default frontend on nautilus to beast
  + RGW daemon updates:
    ~ Remove support for AllNodes where we would deploy one rgw per node on all the nodes
    ~ Each rgw deployed has its own cephx key
    ~ Upgrades will automatically transition these changes to the rgw daemons
  + Correct --ms-learn-addr-from-peer=false argument for ceph-osd
  + When updating the CephCluster CR to run unsupported octopus, fix operator panic
  + Add metrics for the flexvolume driver
  + Set the fully qualified apiVersion on the OwnerReferences for cleanup on OpenShift
  + Stop enforcing crush tunables for octopus warning
  + Apply the osd nautilus flag for upgrade
  + RGW: Set proper port syntax for beast in nautilus deployments
  + Stop creating initial crushmap to avoid incorrect crush map warning
  + Use correct rounding of PV size for binding of PVCs (for example G or Gi)
- Add psp to common.yaml
- Use ceph-base pattern instead of packages

==== salt ====
Subpackages: python3-salt salt-master salt-minion

- virt.volume_infos: don't raise an error if there is no VM
- Added:
  * virt-1.volume_infos-fix-for-single-vm.patch
- Prevent ansiblegate unit tests to fail on Ubuntu
- Added:
  * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit 0f9271c1336c5c9055e75389732a44745d796851 (changes from v242-stable)
  07f0549ffe network: do not send ipv6 token to kernel
  9d34e79ae8 systemd-mount: don't check for non-normalized WHAT for network FS
  5af677680c core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX (bsc#1142099)
  29dda7597a random-util: eat up bad RDRAND values seen on AMD CPUs
  eb6c17c178 util-lib: fix a typo in rdrand
  829c20dc8e random-util: rename "err" to "success"
  5442366fbf man: rework the description of Aliases and .wants/.requires directories
  ae71c6f634 docs: typo in arg name replace-irreversible -> replace-irreversibly
  09774a5fcb meson: make nologin path build time configurable
  69ffeeb0b1 man: add note about systemctl stop return value
  4cf14b5513 shared/conf-parser: say "key name" not "lvalue", add dot
  4481ca7f86 shared/conf-parser: emit a nicer warning for something like "======"
  46f3db894b shared/conf-parser: be nice and ignore lines without "="
  7d928995f7 nspawn: fix memleak in argument parsing
  7727e6c0ae resolve: fix memleak
  7f32a81976 journal: properly read unaligned le64 integers
  fa419099e5 activate: move array allocation to heap
  815a9fef2a systemctl: print non-elapsing timers as "n/a" not "(null)"
  a4fc3c88f1 factory: include pam_keyinit.so in PAM factory configuration
  a453d63315 factory: add comment to PAM file, explaining that the defaults are not useful
  d9a5a70a59 factory: tighten PAM configuration
  5e2d3bf80b test: make sure colors don't confuse our test
  5fe3be1334 wait-online: change log level
  c49b6959d5 systemctl: emit warning when we get an invalid process entry from pid1 and continue
  3c9f43eb03 systemctl: do not suggest passing --all if the user passed --state=
  5964d1474e man: offline-updates: make dependence on system-update.target explicit
  a04dd26e03 alloc-util: drop _alloc_ decorator from memdup_suffix0()
  7c46a694ca man: add example for setting multiple properties at once
  1d72789271 man: CPUShares= is so 2015
  45da304673 man: document that WakeSystem= requires privs
  bed58a06e4 man: document that "systemd-analyze blame/critical-chain" is not useful to track down job latency
  c5461f31b3 man: be more explicit that Type=oneshot services are not "active" after starting
  455ee07abe man: document that the supplementary groups list is initialized from User='s database entry
  5f0cb2616a alloc-util: drop _alloc_(2, 3) decorator from memdup_suffix0_multiply()
  7bc336794d generator: downgrade Requires= ? Wants= of fsck from /usr mount unit
  66465c4381 systemctl: allow "cat" on units with bad settings
  ca937b49da pid1: fix serialization/deserialization of commmands with spaces
  4bb3113023 growfs: call crypt_set_debug_level() correctly, skip if not needed
  0db716771e cryptsetup: enable libcryptsetup debug logging if we want it
  c8b9b3956f cryptsetup: set libcryptsetup global log callback too
  679b3f6b7f basic/log: fix SYSTEMD_LOG_* parsing error messages
  8d6b5158aa units: add SystemCallErrorNumber=EPERM to systemd-portabled.service
  6681fcd445 network: fix the initial value of the counter for brvlan
  853ec5f458 man: Add some notes about variable $prefix for StateDirectory=
  e6d23358e9 sd-netlink: fix inverted log message
  6feb862407 blockdev: filter out invalid block devices early
  9f7c0dbc75 blockdev-util: propagate actual error
  3f5355bcb9 man: document tmpfiles.d/ user/group resolvability needs
  c15b92cd98 man: fix wrong udev property name
  9768a900d6 meson: drop duplicated source
  15194f22ed cryptsetup-generator: fix luks-* entry parsing from crypttab
  c2475390b4 core: skip whitespace after "|" and "!" in the condition parser
  fdc754aeb7 shared/condition: fix printing of ConditionNull=
  572385e135 test: add testcase for issue #12883
  9aa1edddb0 conf-parser: fix continuation handling
  8fbc72f45f networkd: fix link_up() (#12505)
- State directory of systemd-timesync might become inaccessible after upgrading to v240+ (bsc#1137341)
  This happens for users who had previously used systemd-timesync with
  DynamicUser=true, ie the ones who upgraded from a systemd version
  between v235 and v239 to systemd v240 and later (v240 was the
  version where DynamicUser was switched back to OFF).